nanog mailing list archives
Re: SRv6
From: Mark Tinka <mark.tinka () seacom com>
Date: Sat, 19 Sep 2020 12:27:37 +0200
On 19/Sep/20 05:56, mark seery wrote:
While I get your point, and it is a good one, no. Once lawyers, finance, and other functions get involved, it goes from being just another technology, to a pain for suppliers and customers alike. Export laws complicate implementation, and vendors can only afford and/or have the operational agility, to do an implementation once. Any security tech that is sufficiently interesting, is going to be a pain for router vendors to implement and operationalize given the government’s attitude to such tech. The lower in the stack it is, the bigger the pain. That said, vendors are being asked to put MACSec in and I suspect more platforms supporting it will become available over tim
Totally share your view.End-points already have plenty of methods to provide security, as do tons of "appliances" one can deploy as CPE.
We don't need to complicate the backbone further by having it do wholesale encryption. But alas, watch this space...
The best thing we can do, as operators, is not make this a reality. If gubbermints want us to, then they are welcome to fund the project.
Mark.
Current thread:
- Re: SRv6, (continued)
- Re: SRv6 mark seery (Sep 18)
- Re: SRv6 Mark Tinka (Sep 19)
- Re: SRv6 Valdis Klētnieks (Sep 19)
- Re: SRv6 Mark Tinka (Sep 20)
- Re: SRv6 Łukasz Bromirski (Sep 21)
- Re: SRv6 Mark Tinka (Sep 16)
- Re: SRv6 James Bensley (Sep 16)
- Re: SRv6 Randy Bush (Sep 16)
- Re: SRv6 Paul Timmins (Sep 16)
- Re: SRv6 James Bensley (Sep 18)
- Re: SRv6 Randy Bush (Sep 18)
- Re: SRv6 Tom Hill (Sep 21)